Authentication and Authorization are key security steps that ensure only the right users access a system and can perform permitted actions. Authentication verifies who you are, and Authorization determines what you can do.
The sections below explain how a user is first verified and then granted the appropriate access:
Authentication is the process of verifying the identity of a user or system. It ensures that the user is legitimate by validating credentials like passwords, OTPs, or biometrics.
Working
The authentication process verifies the identity of a user before granting access to the system.
Authorization determines the access rights and permissions of an authenticated user. It decides what resources the user can access and what actions they are allowed to perform.
Working
Once a user has been authenticated, the system consults that user's roles or privileges to decide which resources they may reach and which actions they may perform; together, the two processes control access and keep the system secure.
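The two-step flow described above, as an added example that is not part of the original page: a request is first authenticated (the caller proves who they are with a password checked against a salted PBKDF2 hash in constant time) and only then authorized (the caller's roles are mapped to permissions). The user store, role names, permission strings and the helper names `authenticate`, `authorize` and `access_resource` are all constructed for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ITERATIONS = 200_000   # constructed value for the demo; tune for your hardware


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte salted hash; plaintext passwords are never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class User:
    username: str
    salt: bytes
    password_hash: bytes
    roles: set = field(default_factory=set)


def register(store: dict, username: str, password: str, roles) -> None:
    """Create a user with a fresh random salt and the roles that drive authorization."""
    salt = os.urandom(16)
    store[username] = User(username, salt, _hash_password(password, salt), set(roles))


# --- Authentication: verify WHO the caller is from the credentials presented ---
def authenticate(store: dict, username: str, password: str):
    user = store.get(username)
    # Do the same hashing work for unknown users so response timing does not
    # reveal whether a username exists; the comparison is constant-time too.
    salt = user.salt if user else b"\x00" * 16
    expected = user.password_hash if user else b"\x00" * 32
    candidate = _hash_password(password, salt)
    if user is not None and hmac.compare_digest(candidate, expected):
        return user
    return None


# --- Authorization: decide WHAT an already-authenticated user may do ---
# Constructed role -> permission mapping (role-based access control).
PERMISSIONS = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "user:manage"},
}


def authorize(user: User, permission: str) -> bool:
    """True if any of the user's roles grants the requested permission."""
    return any(permission in PERMISSIONS.get(role, set()) for role in user.roles)


def access_resource(store: dict, username: str, password: str, permission: str) -> str:
    """Run authentication first, then authorization, and report the outcome."""
    user = authenticate(store, username, password)
    if user is None:
        return "401 Unauthorized"   # identity not established: authentication failed
    if not authorize(user, permission):
        return "403 Forbidden"      # identity known, but the action is not permitted
    return "200 OK"


def build_demo_store() -> dict:
    """Constructed sample users: alice is an admin, bob can only read reports."""
    store = {}
    register(store, "alice", "correct horse battery staple", ["admin"])
    register(store, "bob", "hunter2", ["viewer"])
    return store


if __name__ == "__main__":
    users = build_demo_store()
    print(access_resource(users, "alice", "correct horse battery staple", "user:manage"))  # 200 OK
    print(access_resource(users, "bob", "hunter2", "report:write"))                        # 403 Forbidden
    print(access_resource(users, "bob", "wrong password", "report:read"))                  # 401 Unauthorized
```

The ordering is the point of the example: `authorize` is never consulted until `authenticate` has returned a user, so an unknown or mis-authenticated caller gets a 401 regardless of what permission they asked for, while a valid user asking for more than their roles allow gets a 403.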
Here are some main differences between Authentication and Authorization:
| Authentication | Authorization |
|---|---|
| Verifies who the user is | Determines what the user can access |
| Performed before authorization | Happens after authentication |
| Requires login details (username, password, biometrics) | Requires user roles, privileges, or access levels |
| Determines if the user is valid | Determines what permissions the valid user has |
| Uses ID Tokens | Uses Access Tokens |
| Governed by OpenID Connect (OIDC) | Governed by OAuth 2.0 |
| Credentials can be changed by the user | Permissions can only be changed by the system owner |
| Visible to the user (entering credentials) | Not visible to the user (handled in the background) |
| Examples: Password, OTP, fingerprint, face recognition | Examples: Admin rights, read/write access, role-based permissions |